Cybereason Nocturnus team identifies a malware targeting customers of an e-commerce platform

In News

Cybereason today announced that the Cybereason Nocturnus Team has identified an active campaign targeting customers of a larger e-commerce platform with newly identified multi-stage malware that evades antivirus tools dubbed Chaes. The info-stealing malware is designed to harvest sensitive consumer information, including login credentials, credit card numbers and other financial information.

The Cybereason Nocturnus Team has been tracking threat actors leveraging the previously undetected Chaes malware to primarily target Brazilian customers of the largest e-commerce company in Latin America, MercadoLivre.

Key Findings:
● Credential Stealing, Screen Capture, Browser Monitoring, Reconnaissance: Chaes is designed to steal sensitive information from the browser such as login credentials, credit card numbers, and other financial information from MercadoLivre website customers. Chaes also takes screenshots of the infected machine, hooks and monitors the Chrome web browser to collect user information from infected hosts.

● Multistage Delivery, Multi-Language Malware: Chaes infections consist of several stages that include use of LoLbins and other legitimate software, making it very challenging to detect by traditional antivirus tools. Chaes also executes multiple stages and is written in several programming languages including Javascript, Vbscript, .NET , Delphi and Node.js.

● Downloads Legitimate Software, Designed for Stealth: Chaes operates using legitimate tools such as Python, Unrar and Node.js, and functional stages consist of several techniques such as use of LoLbins, open source tools, fileless actions and use of legitimate node.js libraries designed to increase the malware’s stealthiness.

“Threat actors put a great deal of time, resources and effort into choosing their targets for criminal operations such as this, and a return on their investment is always top of mind. Undoubtedly, the dramatic increase in the volume of online shopping transactions has not escaped their notice, so it’s not surprising to see new and ever-more sophisticated malware variants emerging to take advantage of the current circumstances,” said Lior Div, Cybereason co-founder and CEO. “Individuals should be vigilant when it comes to cyber hygiene to avoid malware infections in general, and should maintain situational awareness when engaged in online shopping or banking to avoid becoming the victim attackers trying to take advantage of the pandemic and the recent increase in online financial activities.”


You may also read!

Cofense introduces new Cofense Resource Center

Cofense introduced the new Cofense Resource Center, formerly known as Community. The company has completely transformed its centralized resource hub exclusively


Secureworks announce improvements to Threat Detection and Response

Secureworks announced improvements to Threat Detection and Response (TDR) that directly address customers’ needs for a compelling SIEM alternative.


Bulwark announced its presence at GISEC 2020

With an intense focus on boosting the IT security, communications & technology industries in the Middle East region, UAE-based


Join Our Newsletter!

Love SecurityMEA? We love to tell you about our new stuff. Subscribe to newsletter!

Mobile Sliding Menu